CVE Notify
19.3K subscribers
4 photos
203K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2026-43663
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

πŸŽ–@cveNotify
🚨 CVE-2026-43676
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

πŸŽ–@cveNotify
🚨 CVE-2026-43699
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

πŸŽ–@cveNotify
🚨 CVE-2026-43700
A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information.

πŸŽ–@cveNotify
🚨 CVE-2026-43701
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox.

πŸŽ–@cveNotify
🚨 CVE-2026-43703
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

πŸŽ–@cveNotify
🚨 CVE-2026-43704
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash.

πŸŽ–@cveNotify
🚨 CVE-2026-43705
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption.

πŸŽ–@cveNotify
🚨 CVE-2026-43706
A double free issue was addressed with improved memory management. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

πŸŽ–@cveNotify
🚨 CVE-2026-43707
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

πŸŽ–@cveNotify
🚨 CVE-2026-43708
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin.

πŸŽ–@cveNotify
🚨 CVE-2026-43709
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

πŸŽ–@cveNotify
🚨 CVE-2026-2725
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.

πŸŽ–@cveNotify
🚨 CVE-2026-36738
U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain unrestricted access to device functionality.

πŸŽ–@cveNotify
🚨 CVE-2019-25716
DrΓ€ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.

πŸŽ–@cveNotify
🚨 CVE-2019-25718
DrΓ€ger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.

πŸŽ–@cveNotify
🚨 CVE-2019-25717
DrΓ€ger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.

πŸŽ–@cveNotify
🚨 CVE-2026-47065
ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy


Assessment: Fully addressed.


When the serialised stream contains a TC_PROXYCLASSDESC (the marker
for a java.lang.reflect.Proxy ), JDK’s ObjectInputStream.readProxyDesc()
is
dispatched. JDK then calls the default
ObjectInputStream.resolveProxyClass(interfaces) implementation, which
performs Class.forName(intf, false, latestUserDefinedLoader()) for EACH
interface name and constructs the proxy class Ò€” bypassing the accepted
classes list .


ZDRES-233: Class.forName(name, initialize=true, classLoader) in
readClassDescriptor Triggers Static Initialiser of Allow-Listed Classes


Assessment: Fully addressed.


For ANY class on the allow-list, deserialising a stream that names it triggers the class’s
(static initialiser) BEFORE any instance is constructed. This means an
attacker who supplies a class name on the allow-list (e.g., the
developer wrote accept(β€œcom.myapp.*") , attacker supplies
com.myapp.SomeClass ) causes <clinit> of SomeClass Ò€” and many
real-world classes have side-effecting static initialisers


Both issues have been fixed.

πŸŽ–@cveNotify
🚨 CVE-2026-6657
A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use of `re.match()` for validating the `Origin` header, which only anchors at the start of the string. This allows attacker-controlled domains such as `trusted.example.com.evil.com` to pass validation against patterns intended to match `trusted.example.com`. The vulnerability affects multiple locations in the codebase, including CORS headers, WebSocket connections, referer validation, and login redirects, potentially enabling phishing attacks, arbitrary code execution, and unauthorized access to sensitive API responses.

πŸŽ–@cveNotify
🚨 CVE-2026-22054
Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.

πŸŽ–@cveNotify
🚨 CVE-2026-22055
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.

πŸŽ–@cveNotify